<?php
/**
 * User access control: login-state check, login panel rendering, and IP / word blacklists.
 */
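class user{

	/**
	 * Check whether the current request carries a valid login cookie.
	 *
	 * Reads the `auth_KingCMS` cookie, takes the text before the first tab as
	 * the user id, rebuilds the expected cookie value through infoUser() and
	 * compares the two.
	 *
	 * Declared static because this class invokes it as user::check(); calling
	 * it on an instance keeps working.
	 *
	 * @return array|false The user record from infoUser() on success, false otherwise.
	 */
	public static function check(){
		$auth=kc_cookie('auth_KingCMS');
		// A missing or non-string cookie can never match; stop before explode().
		if(!is_string($auth) || $auth===''){
			return false;
		}

		$kui=explode("\t",$auth);
		$user=self::infoUser($kui[0]);
		// infoUser() returns false for a non-numeric id or an unknown user;
		// indexing false would only raise a notice and compare against null.
		if(!is_array($user)){
			return false;
		}

		// Strict comparison, constant-time where the runtime offers it, so the
		// check neither type-juggles nor leaks how many leading bytes matched.
		$expected=$user['authcookie'];
		if(function_exists('hash_equals')){
			$same=hash_equals($expected,$auth);
		}else{
			$same=($expected===$auth);
		}
		return $same ? $user : false;
	}

	/**
	 * Build the per-request template data: login panel HTML, page list HTML
	 * and the basic identity fields of the current visitor.
	 *
	 * @return array Keys: ismanage, userid, username, login (HTML), time, pages (HTML).
	 */
	public function init(){
		$user=self::check();

		$db=new db;

		// Navigation bar shared by the logged-out and logged-in panels.
		$nav='<div class="lef_home"><span class="zx"><a href="/">首页</a></span><span class="jl"><a href="/browse/list/3/1/">资讯</a></span><span class="jl"><a href="/browse/home/">知道</a></span><span class="jl"><a href="/browse/list/4/1/">专题</a></span><span class="zt"><a href="/page/1">商家</a></span></div>';

		if (empty($user)) {
			// Not logged in: render the combined login / register form.
			$s=$nav;
			$s.='<form id="login">';
			$s.='<var>输入帐号密码即可注册!</var>';
			$s.='<label for="username">用户名:</label><input type="input" name="username" id="username" maxlength="12" class="w100"/>';
			$s.='<label for="userpass">密码: </label><input type="password" name="userpass" id="userpass" maxlength="20" class="w100"/>';
			$s.='<input type="submit" value="登录" onclick="$.kc_ajax({URL:\'/browse/home/index.php\',CMD:\'login\',FORM:\'login\'});return false;"/>';
			$s.='<input type="button" value="注册" onclick="$.kc_ajax({URL:\'/browse/home/index.php\',CMD:\'register\',FORM:\'login\'});return false"/>';
			$s.='</form>';
		}else{
			$s=$nav.'<div id="login">';
			// username was passed through htmlspecialchars() in infoUser().
			$s.='欢迎您, <strong>'.$user['username'].'</strong>!';
			// NOTE(review): this only decides which links are rendered. The
			// handlers behind CMD 'fback', 'config', 'ip' and 'word' are not in
			// this file and must enforce the same check on the server side.
			if ($user['userid']==1) {
				$count=$db->getCount('%s_feedback','isread=0');
				$all=$db->getCount('%s_feedback');
				$s.='<a href="javascript:;" onclick="$.kc_ajax({URL:\'/browse/home/index.php\',CMD:\'fback\'})">留言('.($count>0?'<strong style="color:#F00">'.$count.'</strong>':$count).'/'.$all.')</a>';
				$s.='<a href="javascript:;" onclick="$.kc_ajax({URL:\'/browse/home/index.php\',CMD:\'config\'})">系统参数</a>';
				$s.='<a href="javascript:;" onclick="$.kc_ajax({URL:\'/browse/home/index.php\',CMD:\'ip\'})">IP封锁</a>';
				$s.='<a href="javascript:;" onclick="$.kc_ajax({URL:\'/browse/home/index.php\',CMD:\'word\'})">敏感词</a>';
			}
			$s.='<a href="/browse/user/" >用户中心</a>';
			$s.='<a href="javascript:;" onclick="$.kc_ajax({URL:\'/browse/home/index.php\',CMD:\'resetpass\'})">修改密码</a>';
			$s.='<a href="javascript:;" onclick="$.kc_ajax({URL:\'/browse/home/index.php\',CMD:\'logout\'})">退出登录</a>';
			$s.='</div>';
		}

		$manage=kc_val($user,'ismanage');
		$res=$db->getRows('%s_page','id,norder,name','type=1','norder desc,id desc');
		$p='';
		// Guard the loop: a failed query must not be iterated.
		if (is_array($res)) {
			foreach ($res as $rs) {
				// The id is written into an href and into inline JavaScript, so
				// force it to an integer before it reaches either context.
				$id=(int)$rs['id'];
				// NOTE(review): name is emitted into an attribute and into element
				// text exactly as stored. Whether it is escaped when saved is not
				// visible here - confirm, or escape at output with the site charset.
				$p.='<li><a href="page_'.$id.'.htm" title="'.$rs['name'].'">'.$rs['name'].'</a>';
				if($manage){
					// Inline edit / delete controls for managers.
					$p.='<a href="javascript:;" class="manage" onclick="$.kc_ajax({URL:\'page.php\',CMD:\'edt\',id:'.$id.'})"><img src="images/edit.gif"/></a>';
					// Page 1 gets no delete control.
					if($id!==1){
						$p.='<a href="javascript:;" class="manage" onclick="$.kc_ajax({URL:\'page.php\',CMD:\'delete\',id:'.$id.'})"><img src="images/delete.gif"/></a>';
					}
					$p.='<var class="manage">['.$rs['norder'].']</var>';
				}
				$p.='</li>';
			}
		}
		if ($manage) {
			$p.='<li><a href="javascript:;" onclick="$.kc_ajax({URL:\'page.php\',CMD:\'edt\',type:1})"># 新建 #</a></li>';
		}

		return array(
			'ismanage'=>kc_val($user,'ismanage',0),
			'userid'=>kc_val($user,'userid',0),
			'username'=>kc_val($user,'username','[匿名]'),
			'login'=>$s,
			'time'=>time(),
			'pages'=>$p,
		);
	}

	/**
	 * Call kc_tip() when the visitor's IP matches an entry of the `black.ip`
	 * setting (one entry per line).
	 *
	 * @return void
	 */
	public function lockip(){
		$list=kc_config('black.ip');
		if (empty($list)) return;

		$client=long2ip(str::ip());
		foreach (explode("\n",$list) as $r) {
			// Entries saved with CRLF line ends keep a trailing "\r" after the
			// split and would never match, silently disabling the blocklist.
			$r=trim($r);
			// Test for an empty entry first so strpos() never sees an empty needle.
			if (empty($r)) continue;
			// NOTE(review): this is a substring match anywhere in the dotted
			// address, so an entry such as "1.2" also matches "11.2.3.4".
			// Anchoring at the start looks intended - confirm before changing.
			if (strpos($client,$r)!==false) kc_tip('您所在IP段因发布非法信息，暂时禁止发布信息！');
		}
	}

	/**
	 * Call kc_tip() when the text contains an entry of the `black.word`
	 * setting (one entry per line).
	 *
	 * @param string $s Text submitted for publication.
	 * @return void
	 */
	public function blackword($s){
		$word=kc_config('black.word');
		if(empty($word)) return;

		foreach (explode("\n",$word) as $r) {
			// Drop only the "\r" left behind by CRLF line ends; other whitespace
			// stays, since it may be part of the configured word.
			$r=rtrim($r,"\r");
			if (empty($r)) continue;
			// Case-sensitive byte-wise substring match, as before.
			if (strpos($s,$r)!==false) kc_tip('内容中含有禁止发布的内容！');
		}
	}

	/**
	 * Load one user row and derive the expected login-cookie value for it.
	 *
	 * Declared static because this class invokes it as user::infoUser();
	 * calling it on an instance keeps working.
	 *
	 * @param string|int $userid Numeric user id; anything else is rejected.
	 * @return array|false The row's non-numeric keys, each value passed through
	 *                     htmlspecialchars(), plus 'authcookie'; false when the id
	 *                     fails validation or no row is found.
	 */
	public static function infoUser($userid=''){
		$db=new db;

		// Numeric check that keeps the id from carrying SQL (per the original note).
		if(!kc_validate($userid,2)){
			return false;
		}
		// The exact pattern behind kc_validate(...,2) is not visible here, so the
		// cast guarantees that only digits reach the concatenated WHERE clause.
		$res=$db->getRows_one('%s_user','*','userid='.(int)$userid);
		if(!$res){
			return false;
		}

		// NOTE(review): '*' copies every column of the row into the result,
		// presumably including the stored password field - confirm that no
		// caller echoes or serializes the whole array.
		$array=array();
		foreach($res as $key => $val){
			// Keys that pass the numeric check are skipped.
			if(!kc_validate($key,2)){
				$array[$key]=htmlspecialchars($val);
			}
		}

		// SECURITY NOTE(review): the login token is md5(username . fixed string),
		// built only from public values and a secret hard-coded in this source
		// file. It does not depend on the password, never expires, cannot be
		// revoked, and is identical on every installation that ships this file.
		// It is left unchanged because the code that sets the cookie is not in
		// this file and must produce the same value. The fix is a random
		// per-installation key read from configuration and used with hash_hmac(),
		// or server-side sessions, changed in both places together.
		$array['authcookie']=$userid."\t".$res['username']."\t".md5($res['username'].'3wl21y3y53uu1109tx713lxqw8dbvit9');
		return $array;
	}

}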

?>